US2024430104A1PendingUtilityA1

Device Authentication using Blockchain

64
Assignee: CEREMORPHIC INCPriority: Jun 26, 2021Filed: Sep 4, 2024Published: Dec 26, 2024
Est. expiryJun 26, 2041(~14.9 yrs left)· nominal 20-yr term from priority
H04L 9/50H04L 9/30H04L 9/3239H04L 2209/805H04L 9/3297G09C 1/00H04L 9/3247
64
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

An unenrolled lightweight node is on a decentralized network with a trusted node and a plurality of peers. The unenrolled lightweight node and the peers run a lightweight blockchain consensus algorithm. The unenrolled lightweight node includes (a) circuitry for storing a token that includes a signature that includes at least a signature of at least a first identifier signed with a private key of the trusted node, the first identifier being associated with a public key of the unenrolled lightweight node, and (b) circuitry for broadcasting a request for blockchain enrollment of the unenrolled lightweight node to the plurality of peers. The authentication request including at least a second identifier that is associated with at least a public key of the unenrolled lightweight node, a signature created with at least the second identifier and a corresponding private key of the unenrolled lightweight node, and the token.

Claims

exact text as granted — not AI-modified
1 . An unenrolled lightweight node on a decentralized network with at least a trusted node and a plurality of peers that include at least one enrolled lightweight node, the unenrolled lightweight node and the peers running a lightweight blockchain consensus algorithm, the unenrolled lightweight node comprising:
 circuitry for storing a token that includes a signature that includes at least a signature of at least a first identifier signed with a private key of the trusted node, the first identifier being associated with a public key of the unenrolled lightweight node; and   circuitry for broadcasting a request for blockchain enrollment of the unenrolled lightweight node to the plurality of peers, including to the at least one enrolled lightweight node, the authentication request including at least a second identifier that is associated with at least a public key of the unenrolled lightweight node, a signature created with at least the second identifier and a corresponding private key of the unenrolled lightweight node, and the token.   
     
     
         2 . The unenrolled lightweight node of  claim 1 ,
 wherein the first identifier includes at least a hash of the public key of the unenrolled lightweight node, and   wherein the second identifier includes at least a hash of the public key of the unenrolled lightweight node.   
     
     
         3 . The unenrolled lightweight node of  claim 2 , wherein the hashes of the public key of the of the unenrolled lightweight node were created with a SHA-3 hash algorithm. 
     
     
         4 . The unenrolled lightweight node of  claim 1 ,
 wherein the signature with the private key of the trusted node was created by the first identifier, the public key of the unenrolled lightweight node, and a timestamp each being signed with the private key of the trusted node; and   wherein the signature with the private key of the unenrolled lightweight node was created with the second identifier, the token, and the public key of the unenrolled lightweight node being signed with the private key of the unenrolled lightweight node.   
     
     
         5 . The unenrolled lightweight node of  claim 1 , wherein the authentication request further includes the public key of the unenrolled lightweight node. 
     
     
         6 . The unenrolled lightweight node of  claim 1 , further comprising:
 circuitry for receiving from at least one peer decentralized network a block for authentication and inclusion in a blockchain, the block including at least a transaction for enrollment of the unenrolled lightweight node, the transaction including at least the request for blockchain enrollment.   
     
     
         7 . The unenrolled lightweight node of  claim 6 , further comprising:
 circuitry for utilizing a lightweight consensus algorithm to reach a consensus with the plurality of peers of the decentralized network, the consensus being a consensus to approve the block and to add the block to the blockchain or to reject the block and to not add the block to the blockchain.   
     
     
         8 . The unenrolled lightweight node of  claim 7 , further comprising:
 circuitry for adding the block to a blockchain responsive to a consensus to add the block to the blockchain, wherein the unenrolled lightweight node thereupon becomes enrolled in the decentralized network; and   circuitry for storing a block identifier of the block and an intermediate Merkle tree hash associated with the block in memory of the now enrolled lightweight node.   
     
     
         9 . The unenrolled lightweight node of  claim 1 , further comprising circuitry for receiving the token from the trusted node. 
     
     
         10 . An enrolled lightweight node on a decentralized network with at least one unenrolled lightweight node and one trusted node, the enrolled lightweight node comprising:
 circuitry for receiving from the unenrolled lightweight node an authentication request that includes at least:
 a) a token that includes a signature that includes at least a signature of at least a first identifier signed with a private key of the trusted node, the first identifier being associated with a public key of the unenrolled lightweight node; and 
 b) a second identifier that is associated with at least a public key of the unenrolled lightweight node and a second signature created with at least at least the second identifier and a corresponding private key of the unenrolled lightweight node; and 
   circuitry for broadcasting the authentication request to at least one other enrolled lightweight node of the decentralized network.   
     
     
         11 . The enrolled lightweight node of  claim 10 , further comprising:
 circuitry for authenticating the first signature at least in part with the public key of the trusted node; and   circuitry for authenticating the second signature at least in part with the public key of the unenrolled node.   
     
     
         12 . The enrolled lightweight node of  claim 11 , further comprising
 circuitry for creating a block that includes at least the authentication request, responsive to successful authentication of the first and second signatures; and   circuitry for utilizing the lightweight blockchain consensus algorithm for reaching consensus regarding whether to accept or reject the block.   
     
     
         13 . The enrolled lightweight node of  claim 12 , further comprising:
 circuitry for adding the block to a block chain responsive to a consensus to add the block to the blockchain, wherein the unenrolled lightweight node thereupon becomes enrolled in the decentralized network.   
     
     
         14 . The enrolled lightweight node of  claim 10 , wherein the at least one enrolled node is configured to store at least a lightweight blockchain with at least one block with a block header that includes a data Merkle root computed at least in part from a least one Merkle tree node containing a hash value computed directly or indirectly from a hash value computed from a combination of a public key and a validity value for the public key. 
     
     
         15 . A method of establishing a secure connection on a decentralized network between a first lightweight node of the decentralized network and a second lightweight node of the decentralized network, the method performed with the first lightweight node, the method including at least:
 transmitting a first nonce to the second lightweight node; and   receiving from the second node at least (1) a signature created with at least a private key of the second lightweight node and the first nonce, (2) a public key of the second lightweight node, (3) a block identifier corresponding to a block in a blockchain in which the second lightweight node was registered (4) one or more first intermediate Merkle tree hashes associated with the block, and (5) a second nonce.   
     
     
         16 . The method of  claim 15 , further comprising:
 accessing a copy of a blockchain stored in the first lightweight node;   locating a block in the copy of the blockchain that corresponds to the block identifier;   accessing a first Merkle root associated with the located block;   with at least the public key of the second lightweight node and the received one or more intermediate hashes, computing a second Merkle root;   determining if the first and second Merkle roots match; and   if the first and second Merkle roots match determine that the public key is registered in the decentralized network.   
     
     
         17 . The method of  claim 16 , further comprising:
 with the public key verifying the signature; and   upon verification of the signature, determining that the public key is validly associated with the second lightweight node and that the second lightweight node is an authentic node on the decentralized network.   
     
     
         18 . The method of  claim 17 , further comprising:
 transmitting to the second lightweight node at least (1) a signature created with at least a private key of the first lightweight node and the second nonce, (2) a public key of the first lightweight node, (3) a block identifier corresponding to a block in a blockchain in which the first lightweight node was registered (4) and one or more second intermediate Merkle tree hashes associated with the block and the first lightweight node.   
     
     
         19 . The method of  claim 18 , further comprising:
 responsive to being authenticated by the second lightweight node, establishing a secure channel with the second lightweight node.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.